Delta Systems Srl Privacy Notice
Art.13 Eu Regulation n.2016/679
Introduction
Pursuant to art. 13 of the European Regulation n.2016/679 (hereafter GDPR) concerning the protection of individuals with regard to the processing of their personal data, we inform you that the personal data collected by Delta Systems Srl in the context of its activities will be processed in compliance with the articles 5 and 6 of the GDPR, notably the principles of fairness, lawfulness, transparency, necessity and proportionality.
Data Controller
The data controller is Delta Systems Srl (hereafter the “controller”); its premises is in via Quarenghi 11, 24122 Bergamo (Bg) – VAT number: 03588520167 – Tel. 0350296740 – Legal email: E-mail PEC:
This email address is being protected from spambots. You need JavaScript enabled to view it.
, legally represented by Mr Marco Maywald. The internal delegate to the data processing system is Mr. Marco Maywald as Delta Systems company CEO.
Data processing purposes and methods
The data processing will be carried out to allow the execution of all the controller business-related activities, in particular:
- Managing the relationship with effective and prospective customers
- Managing the relationship with suppliers,
- Managing the accounting operations and tax-related activities
MANAGING THE RELATIONSHIP WITH EFFECTIVE AND PROSPECTIVE CUSTOMERS
The processing purpose is managing the contracts / orders / offers with customers. The processing includes the registration of customer data, the management of the customer database, the management / storage of invoices and packing lists (documents of transportation) issued to customers and the checking of the related payments, managing the communications to customers through the available contact channels (ordinary mailing, e-mail, telephone). The controller does not process personal data of potential customers for direct marketing purposes either with electronic tools or traditional tools
MANAGING THE RELATIONSHIP WITH SUPPLIERS
The data processing is connected to the management of contracts / orders / offers with suppliers. The processing includes the registration of suppliers, the management of the supplier database, the management / storage of invoices and Packing Lists (documents of transportation) received from suppliers and the checking of the related payments, the management of communications to suppliers through the available contact channels (ordinary mailing, e-mail, telephone).
MANAGING THE ACCOUNTING AND TAX RELATED ACTIVITIES
The data processing deals with the management of invoices and commercial documents related to sales and purchases, business relations with banks and insurance companies, the first cash note and in general the managing of assets, insurances, monthly balances, company vehicles, fuel cards, treasury, payment timing to suppliers and payments from customers. The transmission of accounting and tax documents to professionals such as the company accountants are organized according to the forms established by law.
Processing legal basis
In compliance with the provisions of art.6 of the GDPR, the legal basis for the controller lawful processing of personal data is represented by the execution of contractual obligations with the customers or the suppliers, by the obligation of complying with law provisions established in fiscal and tax matters or by the legitimate interest in the case of technical / commercial communication and offer with potential customers.
Retention period
All personal data processed by the controller within the scope of its activities are kept according to the following time period or criteria:
|
Processing scope |
Processing purposes |
Personal data retention period starting from data collection |
|
Customer Management |
Customer master data |
10 years from the last order or information request |
|
Prospect Management |
Prospect master data |
10 years from the last request of information |
|
Customer Management |
Order confirmations and commercial documents |
10 years from the last request of information |
|
Prospect Management |
Offers and exchange of commercial communications |
10 years from the last request of information |
|
Supplier management |
Order creating and emission |
10 years from the last request of information |
|
Supplier management |
Mailing and commercial documents |
10 years from the last request of information |
|
Accounting management |
Emission and management of the compulsory accounting records |
10 years according to art.2220 c.c., except the provision of art. 22.2, D.P.R. n. 600/1973 |
When such terms expire, the personal data contained in the cited documents or in the commercial communications will be destroyed or made anonymous.
Compulsory nature of personal data communication and consequences in case of refusal to do it
The customer or supplier personal data are processed by the controller in order to carry out his business activities and are necessary for the conclusion of the sale or supply contract and for managing the related commercial communications. The provision of such data is not mandatory by law but without them it is not possible for the controller to manage the business relationship with the customer or the supplier.
Personal data recipients
In order to comply with certain legal obligations in the taxation, insurance, social security and banking areas or for the protection of its rights in court or through ADR methods, the controller, within the scope of its activities, may communicate personal data whether processed to:
- Accountants, lawyers, mediation bodies
- Control party (revenue agencies, finance guard, customs, etc.)
- Insurance and credit institutions
The controller proceeds to the processing of personal data necessary to achieve the indicated purposes through persons of its own organization, specifically authorized to these operations through formal letter of appointment, trained and committed to a confidentiality obligation regarding the processed information.
The controller also entrusts some processing to third recipients which act on behalf of and in the interests of the controller and which are designated - pursuant to article 28 of the GDPR - external processors through a formal contract. A list of the main data processors is available by contacting the controller at the following email address: This email address is being protected from spambots. You need JavaScript enabled to view it.
Transfer to a third country
Personal data acquired through this website and through the other communication channels of the Data Controller may be stored in the Cloud area using Dropbox inc service. (payment version "Plus"), a company that adheres to the Privacy-Shield convention between the European Union and the United States of America. To know more:
https://www.privacyshield.gov/participant?id=a2zt0000000GnCLAA0
Certain categories of personal data obtained by the controller during its business activities (in particular the contact details of logistics service providers), may be transferred outside the European Union to allow non-EU customers to plan pick-up operations with these EU-based logistics platforms. These transfers of personal data, if any, take place in the context of the commercial relationship with customers and suppliers.
Data subject rights
In relation to personal data processing by this company, the data subjects are always entitled, within the limits and under the conditions set out in art. from 15 - 22 of the Eu regulation 2016/679, to exercise the following rights:
- Right of access by the data subject;
- Right to rectification and erasure;
- Right to data portability
- Right to restriction of processing
- Right to object for marketing purposes on the base of the controller legitimate interest
The data controller communicates to all the recipients to whom the data subject personal data have been transmitted any corrections, erasures or limitations of the processing, unless this proves impossible or involves a disproportionate effort.
The data subject has also the right to lodge a complaint with the Data Protection Authority if he/she believes that they are unlawfully used and the processing persists despite the controller be requested to stop it. To exercise these rights, please write to This email address is being protected from spambots. You need JavaScript enabled to view it.
RIGHT OF ACCESS
The right of access implies that the data subject can obtain from the controller the following information:
1) the purposes of the processing,
2) the categories of personal data concerned,
3) the recipients or categories of recipients to whom such personal data have been or will be communicated, in particular if recipients belongs to third countries or international organizations,
4) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing,
RIGHT TO RECTIFICATION AND ERASURE
The data subject shall have the right to obtain from the controller:
- without undue delay the rectification of inaccurate personal data concerning him or her,
- the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her where:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing;
- the data subject objects to the processing pursuant and there are no overriding legitimate grounds for the processing,
- the personal data have been unlawfully processed,
- the personal data have to be erased for compliance with a legal obligation in the Union or Member State law to which the controller is subject,
- the personal data have been collected in relation to the offer of information society services offered
RIGHT TO DATA PORTABILITY
The right to portability implies that, without adversely affecting the rights and freedoms of others, the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
This right can be exercised if the data processing legal ground is:
1a) a specific, informed, freely-given and unambiguous consent or
1b) a contract to which the data subject is part, and
2) the processing is carried out by automated means
RESTRICTION AND OBJECT OF PROCESSING
The right to restriction of processing can be exercised whether:
- the data subject contests the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data,
- the processing is unlawful; the data subject opposes the erasure of the personal data and requests the restriction of their use instead,
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
- the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
The right to object to personal data processing can be exercised by the data subject at any time where personal data are processed for direct marketing purposes including profiling to the extent that it is related to such direct marketing.
The controller shall no longer process the personal data unless he demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Cookie policy
What are cookies and what are they for?
Cookies are pieces of information (small text strings) entered onto your browser when a website is visited. They are stored before being re-transmitted to the same sites at the next visit of the same user. They perform different and important functions (implementation of computer authentication, monitoring of sessions, storage of information about specific configurations concerning users accessing the server, memorization of preferences, etc ...). In general, during the navigation a user could receive on his own terminal also cookies of "other" sites (so-called "third party" cookies), set directly by the managers of said websites and used for the purposes and according to the modalities defined by them. Technical cookies allow the site to remember the choices made by the user (such as name, language or region of origin) and provide customized advanced features.
In relation to the above, the owner's website does not use any type of cookie other than the technical cookie necessary to memorize the language change of the site. In particular, browsing this site does not imply any installation on users of profiling cookies
